Closed security-breachlock closed 4 years ago
This repo is for the desktop app called Guppy and not GuppyCMS.
Not sure where they're having their source code. I couldn't find it. Maybe you can send a DM to @GuppY_CMS on Twitter and ask.
It would be also good if you could mention a possible fix to the vulnerability e.g. add rel="noreferrer"
and remove the target="_blank"
- no need to add here, just add it to the issue at Guppy CMS.
Closing this as it is not related to Guppy.
Description:- When you open a link in a new tab ( target="_blank" ), the page that opens in a new tab can access the initial tab and change its location using the window.opener property. Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.
Vulnerability Name: Tab-nabbing via window.opener
Discovered by: BreachLock
Website: https://www.breachlock.com
Author: Rahul Kumar Rai
Proof of concept: Step 1. Login to the guppy5.02.09 as an admin. Step 2. Click on the “Golden Book” after that click on the “Post a message” and fill all fields. Then click on the “Send” button. We enter the window.opener file location link at the place of “Your Website”
Step3: For window.opener file you have to save the crafted code as a .html extension in your web server. Copy that file location which you uploaded in web server and paste it in "Your Website" parameter field. Here is my crafted code.
Step 4: After sending, here is my note. Then click on the link.
Step 5: After clicking on the link, a new tab will open. It is shown here.
Step 6: Here the initial tab was redirected to breachlock.com.